Security Analyst, is responsible for using variety of IT Risk, Compliance, Security management methods, tools and technologies to assess, review, analyze, measure and recommend actionable guidance to IT System and Service Owners to define, enhance security policies, controls, standards to manage and/or mitigate security risks for M Health Fairview. Successful candidate would possess understanding of security principles, frameworks, company policies, risk and compliance needs for M Health Fairview. Operational duties may include collaborating with peer engineers/analysts, analyzing, prioritizing and leading gap mitigation efforts to address key security policy, standards and regulatory compliance gaps. Senior Security Analysts will have general understanding of potential security threats, vulnerabilities, risks or exposure and exploitability, criticality of service or technology to business and disaster and recovery, resiliency needs, counter measures and methods to address risks. Successful candidate will proactively document, follow and coordinate actions to assess, enumerate risk and collaborate with IT and Business teams to come up with remediation steps and help minimize security risk.
Understanding different domains of security and associated standards and frameworks including but not limited to authentication, authorization, network security, data security, loss prevention, endpoints, Operating Systems, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments
Subject matter resource in one or more areas of Security Operations, IT Risk assessments, risk management, regulatory compliance needs for PCI/HIPAA/SOX, Security & Risk Policies, IT & Security Governance, Disaster Recovery/Business Continuity Management, Internal Audit, Risk Matrix & IT General Controls
Experience analyzing risk and prioritization of vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack
Understanding of security policies, standards, risk enumeration techniques, cybersecurity frameworks
Coordinate technical and risk management efforts to assess and remediate gaps including tool/technology deficiencies
Define and document processes and enhance existing processes partnering with business and IT teams.
Serve as security subject matter resource in assisting external and internal audits, risk assessments, policy and standard violation investigations, security incident investigations, fulfilling IT requests, attending to escalated incidents and supporting business and IT teams.
Contribute to complex projects related to information security regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Assure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
Foster a culture of improvement, efficiency gains and innovative thinking. Coach and mentor team members as needed. Adapt and embrace change and demonstrate flexibility in taking up and fulfilling other duties as assigned.
Bachelors degree in any discipline or combination of relevant experience/education.
5+ years of cumulative experience in development and/or support of IT or Business Systems
2+ years of experience in two or more areas of managing/supporting Security operations, automation tools, policy, security standards, risk management, internal/external security audit, threat modeling, security access governance, deployment/support of Cybersecurity tools and technologies
Ability to thrive in a sense-of-urgency environment and leverage best practices
Bachelors degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline
Ability to author and edit scripts such as PowerShell, Python and exposure to or knowledge of REST API and JSON batching and workflow automation
Industry specificand technical certifications Security+, CEH, SANS GIAC etc
Together with the University of Minnesota and University of Minnesota Physicians we have created M Health Fairview. M Health Fairview is the newly expanded collaboration among the University of Minnesota, University of Minnesota Physicians, and Fairview Health Services. The healthcare system combines the best of academic and community medicine — expanding access to world-class, breakthrough care through our 10 hospitals and 60 clinics.
Fairview Health Services (fairview.org) is an award-winning, nonprofit health system providing exceptional care across the full spectrum of health care services. Fairview is one of the most comprehensive and geographically accessible systems in the state, with 10 hospitals—including an academic medical center and long-term care hospital—serving the greater Twin Cities metro area.
Its broad continuum also includes 60 primary care clinics, specialty clinics, senior living communities, retail and specialty pharmacies, pharmacy benefit management services, rehabilitation centers, counseling and home health care services, medical transportation, an integrated provider network and health insurer PreferredOne. In partnership ...with the University of Minnesota, Fairview’s 32,000 employees and 2,400 affiliated providers embrace innovation to drive a healthier future through healing, discovery and education.